New Ransomware Bill Shows Promise But is Undermined by a Limited Scope

A new bill has been proposed to address Ransomware. Congressman Patrick McHenry recently introduced the Ransomware and Financial Stability Act of 2021.

Good Direction, but Falls Short

I believe it is the right direction for undermining ransomware attacks, by disallowing payments, but it just does not go far enough.

This proposal only targets and benefits traditional financial institutions. Whereas, ransomware puts at risk every business, person, and government service that directly or indirectly relies upon digital services and solutions! That includes all this nation’s critical infrastructure like fuel distribution, the electrical grid, emergency response systems, healthcare, financial sector (including cryptocurrency), food/water distribution, and many more.

Therefore, everyone is at risk!

This bill does begin to explore the fact that establishing regulations to forbid payments by victims to attackers, creates an undesired environment for cybercriminals to operate. Why would they attack victims with ransomware, if they know they won’t get paid? This leverages the very greed of the attackers against them, motivating them to move back to traditional methods that are more manageable by defenders and far less damaging to the nation as a whole.

This proposal however, does not go far enough. By only specifying the financial sector, threats will simply redirect their attacks to non-financial sectors and still ravage the nation!

What is needed is to ban all digital extortion payments to truly discourage all ransomware attackers in an effective way!


Hope for the Future

I am excited and think this legislation is a positive step forward because it gives a hint that some members of Congress might just be moving towards productive measures!

This act shows Congress recognizes:

  1. Importance of crushing ransomware attacks, as it is impacting national critical infrastructure, growing at a phenomenal rate, and funding our enemies.
  2. There is a Need for legislation, as the allowance of victims to act independently, only reinforces their self-serving behavior that ultimately harms the rest of the community at large. Allowing victims to pay and financially support cybercriminals is exactly the game ransomware attackers want us to play (because they are WINNING in a HUGE way)
  3. A national-level strategic plan is needed that undermines ransomware attacks and results in meaningful outcomes to protect the people, economy, infrastructure, services, and freedoms of our nation

More on Ransomware

If you are interested in the ransomware topic, I have created a number of videos, on the Cybersecurity Insights channel, that explain in greater detail the growing risks, impacts, why traditional security methodologies have failed, and most importantly what we can ACTUALLY do at a national level to systematically STOP ransomware attacks from occurring.

Cybersecurity Insights channel Ransomware Playlist —

Thanks for reading/watching. Please share your thoughts, concerns, or ideas! Let us never forget, we have a common enemy, cybercriminals — who seek to undermine the trust and abuse digital technology and services for their benefit to our detriment. They want us to be divided, ignorant, and complacent.

We are all stronger when we communicate and collaborate together.

E-mail me when people leave their comments –

CISO and Cybersecurity Strategist

You need to be a member of CISO Platform to add comments!

Join CISO Platform

RSAC Meetup Banner

CISO Platform

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.

Join CISO Community Share Your Knowledge (Post A Blog)